|
High Profile, Low Security |
|
|
|
Source: securityfocus.com - Posted by Vincenzo Ciaglia
|
I'll tell you a secret. If you're looking for a security consultant during the day and he's not in the office, you might find him in a neighborhood coffee shop consuming large doses of caffeine, and using a laptop with wireless net access. It's nice to people watch, catch up on the news, review technical articles and yes, even work, while enjoying that magic elixir (coffee) thanks to the wonders of WiFi. I find it a great way to take a break. You can imagine my disappointment early last week when I swung by one of my favorite haunts, grabbed a latte, opened up a terminal and watched my SSH attempt fail. Shoot -- their Internet connection must be down.
I quickly fired up tcpdump and was surprised to see the screen light up with packets flowing back and forth. That's odd, I thought, so I opened a browser. But instead of my usual homepage I was greeted with a stern, legal warning. My wireless coffee shop was now all grown up.
At some point since my last visit, they had implemented a rather slick wireless authentication system. The homepage explained that people had been abusing the free access, doing all sorts of nefarious things. To combat this and to protect their customers, the owners were now requiring a username and password authentication that could be obtained from a barista. Hah -- I thought, they must be handing out the same name and password to everyone. I was shocked again as the gentleman behind the counter confidently explained that they had implemented randomly generated combinations "for better security."
Read this full article at securityfocus.com
Powered by AkoComment! |
